[Dovecot] Solaris hardware crypto engines

Martin Preen preen at informatik.uni-freiburg.de
Thu Nov 24 10:45:26 EET 2011


Timo Sirainen wrote:
> On Mon, 2011-11-21 at 23:49 +0100, Martin Preen wrote:
> 
>> # /usr/sfw/bin/openssl engine
>> (pkcs11) PKCS #11 engine support
>>
>>>>   ENGINE_set_default_RSA(e); ENGINE_set_default_DSA(e);
>>>>   ENGINE_set_default_ciphers(e);
>>>>
>>>> in ssl_proxy_init() and inserting ENGINE_cleanup(); in ssl_proxy_deinit()
>>>> the crypto device gets used. I'm sure that this is not the whole story since
>>>> this only seems to affect the IMAP login.
>>> It should work for POP3 as well, all of the SSL code is shared.
>> I couldn't find the EncryptUpdate call which has to be changed too
>> (due to the howto documents). Maybe some other call needs a patch.
>> But I don't know which.
> 
> What EncryptUpdate?.. I've anyway added the engine init/deinit calls in
> your email to v2.1 hg. Let's hope it works :) At least it didn't break
> when I tried it with "dynamic" value (which is the only engine my
> OpenSSL supports).

Probably I'm wrong (I have no experience with SSL programming). I thought
the EncryptUpdate was necessary for the encoding of the SSL data stream.
But maybe there has to be a link between engine initialization and the
SSL contexts?

Martin

---------------------------------------------------------------
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany

phone: ++49 761 203-8250      preen at informatik.uni-freiburg.de
fax: ++49 761 203-8242        swt.informatik.uni-freiburg.de/~preen
